Page 176 - ITU KALEIDOSCOPE, ATLANTA 2019

P. 176

2019 ITU Kaleidoscope Academic Conference

2. PAKE PROTOCOL STANDARDIZATION challenge. In this case, the protocol will end without the
user credentials being exposed to the attacker.
Password-authenticated key exchange (PAKE) protocols
have been defined internationally in Recommendation ITU- When the client authentication-attempt message in a PAKE
T X.1035 [7] and ISO/IEC 11770-4 [8]. PAKE is a protocol is augmented with a user's biometric sample, the
“cryptographic protocol that allows two parties who share PAKE protocol can be extended to provide both mutual
knowledge of a password to mutually authenticate each authentication, and two-factor user identity authentication.
other and establish a shared key, without explicitly The biometric sample included by the user in their
revealing the password in the process” [9]. PAKE protects authentication-attempt message enjoys the same protection
users from phishing and man-in-the-middle attacks, so that against phishing and man-in-the-middle attacks afforded by
users can authenticate with an easily recalled password that PAKE. The user still benefits from mutual authentication,
is never exposed to an attacker. gaining assurance that the intended server has been
accessed instead of an attacker's server.
PAKE protocols achieve mutual authentication without
requiring that users possess digital certificates. By not 3. BIOMETRIC EXTENDED PAKE PROTOCOL
requiring certificates, the cost and operational complexity
of providing mutual authentication solutions can be reduced Biometric authenticated key exchange (BAKE) is an
compared to solutions that rely on a public key extension of the PAKE protocol that provides strong, two-
infrastructure (PKI). By design, PAKE protocols never factor user identity authentication [10]. BAKE extends
expose "the user password to a server impersonation or PAKE by including a user biometric sample, a something-
eavesdropping attack" [5] during a user authentication you-are authenticator, in the PAKE authentication-attempt
attempt. message sent by a user to a server [10]. A claimed user
identity (i.e., an account name) is sent to the server in the
This characteristic of PAKE “prevents off-line dictionary clear. Transfer of the user biometric sample is protected by
attacks, a common password authentication problem.” [9]. encryption under the symmetric key derived from a PAKE
The user's password is input to a Diffie-Hellman key user password, a something-you-know authenticator.
exchange process to derive a symmetric key. This derived
key is used as the basis for ensuring the confidentiality of ICT innovations have led to increased availability and
communications between a user and a server during sophistication of "inexpensive mobile computing devices"
operation of a PAKE protocol. that incorporate "wide varieties of biometric sensors" [5].
"Face, voice, gesture and touch biometric sensors are
The operation of a PAKE protocol, as depicted in Figure 1, becoming commonplace" [5]. This makes it practical for
begins with the user providing a password to a browser or system designers to offer users greater choice that serves
user agent. The password must be preregistered, a value more users. Designers "no longer need to settle on just one
known to the server, so that the user and server can derive biometric technology for authentication" [5]. The ubiquity
the same cryptographic key. The user can assert an identity of sensor-rich ICT devices presents opportunities "to create
claim by presenting an account name to the server in the designs that provide secure authentication and access to
clear, along with their authentication-attempt message web-based services to a greater number of elderly and
encrypted using their password-derived key. disabled users" [5]. ICT innovation is an important enabler
of universal access.

For some biometric technology types, operation of a BAKE
protocol can require two user inputs, one input for each
authentication factor. The user may be required to enter
their password through a keyboard or touch screen, then to
provide a biometric sample using a separate sensor device.
Requiring two user input actions can make two-factor
authentication solutions less convenient and more
Figure 1 – PAKE-based web authentication (Source: Web challenging for some users.
2.0 Security & Privacy (W2SP) 2009)
However, biometric sensor data provides a rich source of
This encrypted message contains a user challenge to the user authentication information. For some biometric
server. If the server a user intends to access receives the technology types, data containing two authentication factors
encrypted message, the stored password for the user can be collected from a biometric sensor with a single user
account can be located, the key needed to decrypt the input. As one example, a microphone can collect a user
message can be derived, the message can be decrypted, and voice sample that contains speaker recognition data, from
the server can respond to the user challenge. If an attacker which a biometric sample can be matched against a
receives the encrypted message, they will not possess the previously stored biometric reference. Using this same
user password needed to derive the key, and they will not voice sample, a speech recognition tool can extract user
be able to decrypt the user message and respond to the user

– 156 –

171 172 173 174 175 176 177 178 179 180 181